The Norman Transcript

September 15, 2013

Fake Flash Player updates are trashing computers



NORMAN — Not long ago, I was surfing the website of a popular local publication, reading stories and other items that interested me, when a new page suddenly appeared with an official-looking notice that said, “Attention! It is recommended that you download Flash Player to continue. To learn more, click OK.”

“Wait a minute,” I thought. “I already have Flash Player installed. In fact, I have the latest version of Flash Player installed because I make sure it is always kept up to date.”

Just to confirm that my version of Flash Player was indeed the latest one available, I visited the makers of Flash Player, Adobe.com, where the latest versions may be found. I compared the number of the version I had installed with the latest version number shown on their website. Sure enough, I already had the latest version of Flash Player installed.

This led me to believe that what I was seeing was a con designed to trick me into installing a fake update which, in turn, would install computer viruses and other assorted bogus programs. I had heard of such things, but this was the first time I had seen a fake update for myself.

I started looking around the Internet for any information that could confirm my suspicions but didn’t find much because, at the time, this particular fake update was a relatively new phenomenon.

Next, I sent an email to those in charge of the offending website and warned them they were infecting people’s computers with a fake Flash Player update. I then decided to use one of my “test” computers, revisit the website and see what would happen to someone who installed the fake update.

I do things like this on occasion using computers I have set aside for testing purposes. With these computers, it’s OK if they get hacked, trashed, infected and otherwise abused because, if they do, I just erase the hard drives, reinstall Windows and keep going.

After clicking on a few news stories at the suspect website, the fake Flash Player update appeared again. This time, I clicked “OK,” saved the file to my hard drive, gave it a good double-click and sat back as something called “Flash Player Pro” proceeded to trash my computer.

To start with, the Flash Player Pro “setup wizard” downloaded a crazy package of junk software with names like Whitesmoke Community Toolbar, Conduit Search Protect, the GetSavin browser plugin, GetSavin popup ads, GetSavin Toolbar and GetSavin spyware, and hijacked my browser’s homepage, changing it to “Conduit.”

It then installed the “Download Terms” app toolbar, PC Utilities Pro, PC Optimizer Pro, VAFPlayer and the DefaultTab Search Toolbar.

While some of these are not viruses per se, they are all bogus programs designed to ultimately separate you from your hard-earned cash. Some of them installed without warning, some did not.

Next, Avast Antivirus, my real antivirus program, sent up a “file reputation warning” and advised me to not install anything else. I ignored the warning and clicked “continue.” This took me to a website called “yourmplayer.com” and some other things started installing. Then, the bogus “PC Optimizer Pro” program started a fake virus and registry scan.

After displaying a ridiculously long list of alleged problems, it told me to click “Fix Now,” which opened a web page asking me to “register” before it would fix any of the so-called problems. Of course, the registration process involved a credit card number, so I bailed out.

Sadly, the offending website owners were ignoring my warning that they were infecting visitors to their site. A week passed. Meanwhile, I started getting calls from local customers who had visited the same website and were horrified to learn their computers had been rendered useless. Their computers needed to be repaired.

It took additional, more tersely worded email warnings to make the hacked website’s owners pay attention and clean up their act, which they finally, almost a month later, did.

Should websites be held accountable if they are hacked and start infecting visitors, causing them to spend money repairing their computers?

Better security practices employed by the website’s owners could have prevented the problem but were not used. Who should be held responsible? What do you think?

Dave Moore has been performing computer consulting, repairs, security and networking in Oklahoma since 1984. He can be reached at 919-9901.